Even when security technology vendors and users are unaware of a vulnerability, cybercriminals may already know about it and be taking advantage of it.
“The threat landscape is always changing, so in order for us to stay ahead, we needed to add a layer of security that would be able to combat zero-day attacks (that exploit undetected network security holes) and advanced persistent threats,” said Vincent Damiano, VP information security and compliance, Modell’s Sporting Goods. The family-owned, New York-based chain operates more than 150 stores throughout the Northeast.
Modell’s is using a software-based network security solution from Cyphort to actively monitor and detect perimeter threat activity, as well as any lateral activity, within its network infrastructure. Even with the ability to analyze its network performance in real time, Modell’s still has to ensure it is uncovering legitimate problems.
“Chasing false positives is a big challenge,” Damiano said. “Seventy percent of our analysts’ time was spent looking into false positives. The main causes for this were lack of scalability, as well as lack of being able to incorporate rule sets.”
Leveraging Cyphort’s solution, Modell’s obtains complete enterprise infrastructure coverage with a single management console. Open application program interfaces (APIs) have let Modell’s integrate the solution with existing security infrastructure investments, rather than perform a full “rip and replace.”
The solution also delivers action-oriented workflows that enable responders to determine which incidents require immediate attention, and also provide detailed reporting on the extent of threats. In addition, it enables compliance with Payment Card Industry (PCI) security standards.
“The biggest benefit thus far has been threat detection and behavioral analysis,” Damiano said. “We can inspect the malware behavior from multiple vantage points. We are already seeing a big change in time spent on evaluating the threats that really matter.”
Currently, Modell’s monitors its network at headquarters and across its stores. In the coming months, the retailer will expand its security activities, including the monitoring of email and encrypted traffic.